
Possible/Probable Malware

Discussion in 'Virus & Other Malware Removal' started by Prawnwoman, Dec 21, 2010.

Prawnwoman (Thread Starter), joined Dec 21, 2010, 21 messages:
    Please, I would appreciate any help you can provide.

    My computer has been misbehaving since I accidentally clicked on a suspicious link. I have Windows XP Media Center 2004, and a message comes up in Media Center telling me that audio and video playback are not possible because of missing and/or corrupted files. On reboot, the computer ran CHKDSK and said several files had problems, but claimed to repair them. Then it ran CHKDSK several more times with different problems found.

    Today Visual FoxPro 8.0 began terminating with the following error condition:
    AppName: vfp8.exe AppVer: 8.0.0.2521 ModName: vfp8.exe
    ModVer: 8.0.0.2521 Offset: 00016e76
    The error in the Event viewer application log was:
    The description for Event ID ( 1000 ) in Source ( Microsoft Visual FoxPro ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: vfp8.exe, 8.0.0.2521, vfp8.exe, 8.0.0.2521, 00016e76.
    Per your suggestion, I tried to use sysinfo.exe to collect system info; it terminated unsuccessfully. Event viewer application log contained this:
    Faulting application sysinfo.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x08458bfc.
    Other recent changes: I replaced my RADEON 9200 video card with an Nvidia GeForce 8400GS, but have since removed it and put the Radeon back, because a message said the Nvidia driver was corrupted and several attempts to reinstall it failed.

    NAV found and quarantined a file called 0.5272392540695774.exe but was unable to provide any additional info.

    Windows File Protection confirmed problems with my DLL cache, but I only have OEM OS, so I couldn't repair it.

    I have pasted in my Hijack This log and DDS.TXT below, and attached attach.txt. However, although I tried it several times (including downloading fresh copies), GMER hung every time I ran it. (Yes, I was careful to close all other apps and leave the mouse alone). Is there another rootkit scanner I can use, or can you give me recommendations to get GMER to run correctly? Thanks much for providing this service.


    Hijack This results:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:53:39 PM, on 12/21/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\WINDOWS\System32\imapi.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe
    C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
    C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office10\OSA.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\QUICKENW\QWDLLS.EXE
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Corel\CorelDRAW Graphics Suite X4\Programs\CorelDRW.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.nature-by-design.com"); (C:\Documents and Settings\ADMINISTRATOR\Application Data\Mozilla\Profiles\default\534oq6hu.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ADMINISTRATOR\Application Data\Mozilla\Profiles\default\534oq6hu.slt\prefs.js)
    O2 - BHO: searchersmart search enhancer - {0643F673-B23F-5888-8EB0-F9ED61EB10F9} - C:\WINDOWS\system32\okpywqasyaftxmp.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: offersfortoday browser enhancer - {36377A93-000C-E73B-A58B-A58FACEA633F} - C:\WINDOWS\system32\xtqbtfyqsyeg.dll (file missing)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\IPS\IPSBHO.DLL
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKUS\S-1-5-21-3241412204-1529348138-3226304695-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3241412204-1529348138-3226304695-500\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
    O4 - HKUS\S-1-5-21-3241412204-1529348138-3226304695-500\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.travelers.com
    O15 - Trusted Zone: http://*.travelerspc.com
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179882875506
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179882858584
    O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    --
    End of file - 15880 bytes


    The DDS.TXT file:


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Administrator at 18:11:40.23 on Tue 12/21/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;*.local
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: searchersmart search enhancer: {0643f673-b23f-5888-8eb0-f9ed61eb10f9} - c:\windows\system32\okpywqasyaftxmp.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {243b17de-77c7-46bf-b94b-0b5f309a0e64} - c:\program files\microsoft money\system\mnyside.dll
    BHO: offersfortoday browser enhancer: {36377a93-000c-e73b-a58b-a58facea633f} - c:\windows\system32\xtqbtfyqsyeg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.5.0.125\ips\IPSBHO.DLL
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: Search panel: {bca4e146-cf17-5521-c31a-36390ec8b438} - c:\windows\system32\okpywqasyaftxmp.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [BackupNotify] c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
    mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [QuickFinder Scheduler] "c:\program files\wordperfect office 11\programs\QFSCHD110.EXE"
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\program files\quickenw\BILLMIND.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quickenw\QWDLLS.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
    Trusted Zone: travelers.com
    Trusted Zone: travelerspc.com
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179882875506
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179882858584
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
    DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
    DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxsrvc.dll
    LSA: Notification Packages = scecli scecli

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\4cwshz6o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage - www.nature-by-design.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPSVG3.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\IPSFFPlgn
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\administrator\application data\Move Networks

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-12-21 18:39:34 -------- d-----w- c:\docume~1\admini~1\applic~1\WinBatch
    2010-12-21 16:23:22 -------- d-----w- C:\fac3d73d054712714d362e
    2010-12-21 16:21:53 -------- d-----w- C:\fb5585a6bf4c538749d45bd4
    2010-12-20 21:28:20 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-12-20 21:28:19 79872 ------w- c:\windows\system32\msxml6r.dll
    2010-12-20 21:28:19 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-12-20 21:28:19 1306624 ------w- c:\windows\system32\msxml6.dll
    2010-12-20 21:26:53 884712 ------w- c:\program files\msn\msncorefiles\install\msn9components\digcore.exe
    2010-12-20 21:26:53 1327320 ------w- c:\program files\msn\msncorefiles\install\msnsusii.exe
    2010-12-20 21:26:50 11053008 ------w- c:\program files\msn\msncorefiles\install\msn9components\msncli.exe
    2010-12-20 21:26:46 966656 ------w- c:\program files\msn\msncorefiles\oobe\obemetal.dll
    2010-12-20 21:26:46 86016 ------w- c:\program files\msn\msncorefiles\oobe\obepopc.dll
    2010-12-20 21:26:46 77824 ------w- c:\program files\msn\msncorefiles\oobe\obemtllc.dll
    2010-12-20 21:26:46 229376 ------w- c:\program files\msn\msncorefiles\oobe\obelog.dll
    2010-12-20 21:10:03 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2010-12-20 21:10:00 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2010-12-20 21:04:53 19569 ----a-w- c:\windows\003781_.tmp
    2010-12-20 20:42:32 -------- d-----w- C:\62b12420910b1e08f87ea2
    2010-12-20 20:16:07 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-12-20 20:16:02 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-12-20 20:16:02 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-12-20 20:15:15 9623680 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2010-12-20 20:15:15 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-12-20 20:15:10 6359552 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2010-12-20 20:15:10 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-12-20 20:13:42 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-12-20 20:13:41 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-12-20 20:13:40 888424 ----a-w- c:\windows\system32\nvdispco32.dll
    2010-12-20 20:13:40 813672 ----a-w- c:\windows\system32\nvgenco32.dll
    2010-12-20 20:13:40 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-12-20 20:13:40 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-12-20 20:13:40 2293194 ----a-w- c:\windows\system32\nvdata.bin
    2010-12-20 20:13:38 4882432 ----a-w- c:\windows\system32\nvcuda.dll
    2010-12-20 20:13:31 1462272 ----a-w- c:\windows\system32\nvapi.dll
    2010-12-20 20:13:31 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-12-20 17:54:57 -------- d-----w- c:\program files\ACW
    2010-12-19 23:03:53 9216 -c--a-w- c:\windows\system32\dllcache\winfax.dll
    2010-12-19 22:40:12 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2010-12-19 22:40:09 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2010-12-19 22:40:09 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2010-12-19 22:40:05 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
    2010-12-19 22:40:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
    2010-12-19 22:40:03 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
    2010-12-19 22:40:00 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
    2010-12-19 22:38:59 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
    2010-12-19 22:37:58 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2010-12-19 22:36:59 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
    2010-12-19 22:35:59 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2010-12-19 22:34:59 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
    2010-12-19 22:33:58 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
    2010-12-19 22:33:57 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
    2010-12-19 22:33:34 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
    2010-12-19 22:33:24 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
    2010-12-19 22:33:23 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
    2010-12-19 22:33:19 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
    2010-12-19 22:33:08 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2010-12-19 22:33:07 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2010-12-19 22:33:01 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2010-12-19 22:31:59 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2010-12-19 22:30:58 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-12-19 22:29:59 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2010-12-19 22:28:59 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
    2010-12-19 22:27:57 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
    2010-12-19 22:26:59 236060 -c--a-w- c:\windows\system32\dllcache\ditrace.exe
    2010-12-19 22:25:58 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
    2010-12-19 22:24:28 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2010-12-19 22:23:59 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
    2010-12-19 22:22:57 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2010-12-16 22:51:36 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\HTC
    2010-12-16 22:48:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\HTC
    2010-12-16 22:48:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Teleca
    2010-12-16 22:44:00 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
    2010-12-16 22:44:00 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2010-12-16 22:43:43 -------- d-----w- c:\program files\Spirent Communications
    2010-12-16 22:43:13 -------- d-----w- c:\program files\HTC
    2010-12-09 20:46:38 368248 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\symtdi.sys
    2010-12-09 20:46:38 330360 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\symtdiv.sys
    2010-12-09 20:46:38 295032 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\symnets.sys
    2010-12-09 20:46:37 652336 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\symefa.sys
    2010-12-09 20:46:37 509560 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\srtsp.sys
    2010-12-09 20:46:37 50168 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\srtspx.sys
    2010-12-09 20:46:37 340016 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\symds.sys
    2010-12-09 20:46:37 136312 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\ironx86.sys
    2010-12-09 20:46:13 -------- d-----w- c:\windows\system32\drivers\nav\1205000.07D
    2010-12-02 00:55:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
    2010-12-02 00:52:35 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-12-02 00:52:03 -------- d-----w- C:\NVIDIA
    2010-12-01 20:46:52 -------- d-----w- c:\docume~1\admini~1\applic~1\ElevatedDiagnostics
    2010-12-01 16:23:13 -------- d-----w- C:\!KillBox
    2010-12-01 16:16:08 -------- d-----w- c:\program files\Citrix
    2010-12-01 16:15:48 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Citrix
    2010-12-01 16:15:44 103784 ----a-w- c:\documents and settings\administrator\GoToAssistDownloadHelper.exe
    2010-11-29 22:22:52 -------- d-----w- C:\spoolerlogs
    2010-11-29 07:17:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-29 07:17:05 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-11-29 07:16:10 -------- d-----w- c:\windows\system32\drivers\NAV
    2010-11-29 07:16:04 -------- d-----w- c:\program files\Norton AntiVirus
    2010-11-29 04:35:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-11-29 04:35:24 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-29 04:06:49 94208 ----a-w- c:\windows\DUMPb1a4.tmp
    2010-11-29 04:02:55 -------- d-sh--w- C:\found.000
    2010-11-26 18:16:01 -------- d-----w- c:\docume~1\admini~1\applic~1\dBpoweramp
    2010-11-26 18:12:03 -------- d-----w- c:\program files\Real Alternative
    2010-11-26 18:00:46 -------- d-----w- c:\program files\Illustrate

    ==================== Find3M ====================

    2010-12-21 15:13:08 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-12-20 21:36:09 315392 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\pchmsxml.dll
    2010-12-20 21:36:02 36864 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\gnu.dll
    2010-12-20 21:35:48 122880 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\SearchCtrl.dll
    2010-12-20 21:35:19 77824 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\FDIWrapper.dll
    2010-12-20 21:35:15 69632 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\msxmlwrapper.dll
    2010-12-20 21:35:04 77824 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\WinVerifyTrust.dll
    2010-12-20 21:33:58 307200 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\pchnotify.exe
    2010-12-20 21:33:58 135168 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\ContentUpdater.exe
    2010-12-20 21:33:57 24576 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\pcdapi.dll
    2010-12-20 21:33:56 4096 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\winverifytrustwrapper.dll
    2010-12-20 21:33:56 344064 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\api.dll
    2010-12-20 21:33:56 26572 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\INV16.dll
    2010-12-20 21:33:55 212992 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\jsharpde\jsharpinterp.dll
    2010-12-20 21:33:55 155648 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xpenabf3en\plugin\bin\PCHButton.exe
    2008-06-12 20:43:02 1481049 ----a-w- c:\program files\ACE Slideshow.exe
    2008-02-22 06:10:01 606176 ----a-w- c:\program files\AmazonMP3Installer.exe
    2007-05-15 20:36:35 6982865 ----a-w- c:\program files\cakewalkexp80.exe
    2007-04-18 23:40:56 9269827 ------w- c:\program files\WUSB54Gv4_20051110.exe
    2004-08-04 07:02:44 329728 ----a-w- c:\program files\netsetup.exe

    ============= FINISH: 18:17:03.79 ===============
     
  2. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    I didn't see any indication of how long GMER takes to run, but it did hang for over an hour on a file I know is only about 36KB.

    There is a mysterious folder in my root directory called !KillBox and I don't know where it came from. There is also a folder on my desktop called VRT that contains four files: autoruns.exe, bcheck.exe, killbox.exe and root.exe that also appeared mysteriously. Lastly, whenever the computer shuts down, it spends a long time trying to shut down osa.exe and I finally have to hit "End now" to get rid of it. I understand this is the Office Startup Assistant. I find this a bit strange.

    Thanks!
     
  3. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    When Windows first starts up, there is a message box with no title. The message just says "Unable to load configuration" and only offers the option to hit "OK." Thanks again.
     
  4. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5375

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    12/22/2010 1:06:29 AM
    mbam-log-2010-12-22 (01-06-29).txt

    Scan type: Quick scan
    Objects scanned: 155035
    Time elapsed: 40 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0643F673-B23F-5888-8EB0-F9ED61EB10F9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0643F673-B23F-5888-8EB0-F9ED61EB10F9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0643F673-B23F-5888-8EB0-F9ED61EB10F9} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36377A93-000C-E73B-A58B-A58FACEA633F} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{36377A93-000C-E73B-A58B-A58FACEA633F} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36377A93-000C-E73B-A58B-A58FACEA633F} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    Sorry to be impatient, but I am leaving town shortly. I know everyone is busy, and also bogged down with the holidays, but I'm scared I'll lose my place in the queue and have to reinitiate when I get back. Thanks!
     
  6. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    Bump - also want to reiterate I included or attached all logs as directed except GMER which hangs each time although I close all programs and don't touch the mouse. Maybe you can recommend another rootkit scanner? Thanks.
     
  7. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    Just so I know, am I pretty much out of luck if I can't run GMER? Is that the reason no one can help me? I am trying to be patient, but I notice that others who posted their problems just a few days ago are already being helped. Also, if my problem isn't responded to within a certain amount of time, will my post just disappear? Will I have to start all over again? Thanks.
     
  8. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    Oh, I have already tried a paid service (McAfee) and my local computer store. They referred me to you. If you can't help me, can you at least tell me what I am doing wrong (other than being impatient, I know, but it's been a month since this thing hit me, and 10 days since I originally posted) so I won't make the same mistake if I need your help in the future? Thank you very much.
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Prawnwoman,

    Not sure why your thread got overlooked. Please proceed as follows:

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don't forget ComboFix must be saved to your desktop. <-- Very important

    Before saving to the Desktop, rename it to Gotcha.exe as follows:

    (screenshot showing the rename step)

    Ensure you have disabled your Firewall and all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. <-- Very important

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection are available at the following link:

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If ComboFix reboots due to a rootkit, the screen may stay black for several minutes on reboot. This is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in your reply please,

    Kevin
     
  10. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    Kevin, thank you so much for responding. I'm grateful for the assistance. The ComboFix.txt log is pasted below. I noticed that Norton Anti-virus popped up saying it was doing a full system scan, even as the balloon saying it was disabled was showing. I hope this was ComboFix's doing.


    ComboFix 10-12-31.01 - Administrator 12/31/2010 14:28:06.1.2 - x86
    Running from: c:\documents and settings\Administrator\Desktop\gotcha.exe
    AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\GoToAssistDownloadHelper.exe
    c:\windows\system32\Cache
    c:\windows\system32\Temp
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_RPCPATCH
    -------\Legacy_RPCTFTPD


    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
    .

    2010-12-24 15:30 . 2010-12-24 15:30 -------- d-----w- c:\program files\Sophos
    2010-12-22 05:14 . 2010-12-22 05:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-12-22 05:14 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-22 05:14 . 2010-12-22 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-22 05:13 . 2010-12-22 05:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-22 05:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-22 01:15 . 2010-12-22 01:15 -------- dc----w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-21 18:39 . 2010-12-21 18:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\WinBatch
    2010-12-21 18:39 . 2010-12-21 18:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
    2010-12-21 16:23 . 2010-12-21 16:24 -------- d-----w- C:\fac3d73d054712714d362e
    2010-12-21 16:21 . 2010-12-21 16:23 -------- d-----w- C:\fb5585a6bf4c538749d45bd4
    2010-12-20 21:28 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-12-20 21:28 . 2008-04-14 10:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-12-20 21:28 . 2008-04-14 10:42 1306624 ------w- c:\windows\system32\msxml6.dll
    2010-12-20 21:28 . 2008-04-14 03:57 79872 ------w- c:\windows\system32\msxml6r.dll
    2010-12-20 21:26 . 2007-04-03 05:12 1327320 ------w- c:\program files\MSN\MSNCoreFiles\install\msnsusii.exe
    2010-12-20 21:26 . 2007-04-03 05:04 884712 ------w- c:\program files\MSN\MSNCoreFiles\install\msn9components\digcore.exe
    2010-12-20 21:26 . 2007-04-03 05:09 11053008 ------w- c:\program files\MSN\MSNCoreFiles\install\msn9components\msncli.exe
    2010-12-20 21:26 . 2008-04-14 10:40 966656 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obemetal.dll
    2010-12-20 21:26 . 2008-04-14 10:40 86016 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obepopc.dll
    2010-12-20 21:26 . 2008-04-14 10:40 229376 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obelog.dll
    2010-12-20 21:26 . 2007-04-03 05:14 77824 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obemtllc.dll
    2010-12-20 21:10 . 2008-04-14 03:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2010-12-20 21:10 . 2008-04-14 05:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2010-12-20 21:04 . 2006-12-29 05:31 19569 ----a-w- c:\windows\003781_.tmp
    2010-12-20 20:42 . 2010-12-20 22:59 -------- d-----w- C:\62b12420910b1e08f87ea2
    2010-12-20 20:16 . 2010-12-21 17:51 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-12-20 20:16 . 2010-12-21 17:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-12-20 20:16 . 2010-12-21 17:50 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-12-20 20:15 . 2010-10-16 18:55 9623680 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2010-12-20 20:15 . 2010-10-16 18:55 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-12-20 20:15 . 2010-10-16 18:55 6359552 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2010-12-20 20:15 . 2010-10-16 18:55 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-12-20 20:13 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-12-20 20:13 . 2010-10-16 18:55 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-12-20 20:13 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
    2010-12-20 20:13 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
    2010-12-20 20:13 . 2010-10-16 18:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-12-20 20:13 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-12-20 20:13 . 2010-10-16 18:55 2293194 ----a-w- c:\windows\system32\nvdata.bin
    2010-12-20 20:13 . 2010-10-16 18:55 4882432 ----a-w- c:\windows\system32\nvcuda.dll
    2010-12-20 20:13 . 2010-10-16 18:55 1462272 ----a-w- c:\windows\system32\nvapi.dll
    2010-12-20 20:13 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-12-20 17:54 . 2010-12-20 17:54 -------- d-----w- c:\program files\ACW
    2010-12-19 23:03 . 2003-07-30 12:00 9216 -c--a-w- c:\windows\system32\dllcache\winfax.dll
    2010-12-19 22:40 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2010-12-19 22:40 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2010-12-19 22:40 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2010-12-19 22:40 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
    2010-12-19 22:40 . 2008-04-14 03:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
    2010-12-19 22:40 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
    2010-12-19 22:40 . 2008-04-14 03:04 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
    2010-12-19 22:38 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
    2010-12-19 22:37 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2010-12-19 22:36 . 2008-04-14 05:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
    2010-12-19 22:35 . 2001-08-17 18:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2010-12-19 22:34 . 2001-08-18 03:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
    2010-12-19 22:33 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
    2010-12-19 22:33 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
    2010-12-19 22:33 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
    2010-12-19 22:33 . 2001-08-17 18:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
    2010-12-19 22:33 . 2001-08-17 18:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
    2010-12-19 22:33 . 2008-04-14 05:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
    2010-12-19 22:33 . 2001-08-17 17:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2010-12-19 22:33 . 2001-08-17 17:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2010-12-19 22:33 . 2001-08-17 17:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2010-12-19 22:31 . 2003-07-30 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2010-12-19 22:30 . 2008-04-14 05:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-12-19 22:29 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2010-12-19 22:28 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
    2010-12-19 22:27 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
    2010-12-19 22:26 . 2001-08-18 03:36 236060 -c--a-w- c:\windows\system32\dllcache\ditrace.exe
    2010-12-19 22:25 . 2001-08-17 17:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
    2010-12-19 22:24 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2010-12-19 22:23 . 2008-04-14 05:06 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
    2010-12-19 22:22 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2010-12-16 22:51 . 2010-12-16 22:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC
    2010-12-16 22:48 . 2010-12-16 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
    2010-12-16 22:48 . 2010-12-16 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
    2010-12-16 22:44 . 2009-06-10 21:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
    2010-12-16 22:44 . 2009-06-09 19:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2010-12-16 22:43 . 2010-12-16 22:43 -------- d-----w- c:\program files\Spirent Communications
    2010-12-16 22:43 . 2010-12-16 22:48 -------- d-----w- c:\program files\HTC
    2010-12-09 20:46 . 2010-12-19 03:14 -------- d-----w- c:\windows\system32\drivers\NAV\1205000.07D
    2010-12-02 00:55 . 2010-12-20 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-12-02 00:52 . 2010-12-21 17:47 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-12-02 00:52 . 2010-12-02 00:52 -------- d-----w- C:\NVIDIA
    2010-12-01 20:46 . 2010-12-01 20:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 21:36 . 2010-12-20 21:36 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchmsxml.dll
    2010-12-20 21:36 . 2010-12-20 21:36 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\gnu.dll
    2010-12-20 21:35 . 2010-12-20 21:35 122880 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\SearchCtrl.dll
    2010-12-20 21:35 . 2010-12-20 21:35 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\FDIWrapper.dll
    2010-12-20 21:35 . 2010-12-20 21:35 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\msxmlwrapper.dll
    2010-12-20 21:35 . 2010-12-20 21:35 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\WinVerifyTrust.dll
    2010-12-20 21:34 . 2010-12-20 21:34 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\util.dll
    2010-12-20 21:34 . 2010-12-20 21:34 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\hwinv.dll
    2010-12-20 21:34 . 2010-12-20 21:34 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchmsxml.dll
    2010-12-20 21:34 . 2010-12-20 21:34 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchapi.dll
    2010-12-20 21:34 . 2010-12-20 21:34 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\ZipLib.dll
    2010-12-20 21:34 . 2010-12-20 21:34 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\asst_ui.dll
    2010-12-20 21:34 . 2010-12-20 21:34 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\motivede.dll
    2010-12-20 21:34 . 2010-12-20 21:34 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\msxmlwrapper.dll
    2010-12-20 21:34 . 2010-12-20 21:34 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\GUI.dll
    2010-12-20 21:34 . 2010-12-20 21:34 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PluginCtrl.dll
    2010-12-20 21:34 . 2010-12-20 21:34 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchealthplugin.dll
    2010-12-20 21:34 . 2010-12-20 21:34 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\clientutil52.dll
    2010-12-20 21:34 . 2010-12-20 21:34 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\client_motkt.dll
    2010-12-20 21:34 . 2010-12-20 21:34 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHI18N.dll
    2010-12-20 21:34 . 2010-12-20 21:34 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchealthde.exe
    2010-12-20 21:33 . 2010-12-20 21:33 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchnotify.exe
    2010-12-20 21:33 . 2010-12-20 21:33 135168 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\ContentUpdater.exe
    2010-12-20 21:33 . 2010-12-20 21:33 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pcdapi.dll
    2010-12-20 21:33 . 2010-12-20 21:33 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\winverifytrustwrapper.dll
    2010-12-20 21:33 . 2010-12-20 21:33 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\api.dll
    2010-12-20 21:33 . 2010-12-20 21:33 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\INV16.dll
    2010-12-20 21:33 . 2010-12-20 21:33 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\jsharpinterp.dll
    2010-12-20 21:33 . 2010-12-20 21:33 155648 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHButton.exe
    2010-11-29 08:01 . 2010-11-29 04:06 94208 ----a-w- c:\windows\DUMPb1a4.tmp
    2010-11-29 07:17 . 2010-11-29 07:17 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-29 07:17 . 2010-11-29 07:17 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2008-06-12 20:43 . 2008-06-13 12:51 1481049 ----a-w- c:\program files\ACE Slideshow.exe
    2008-02-22 06:10 . 2008-02-22 06:10 606176 ----a-w- c:\program files\AmazonMP3Installer.exe
    2007-05-15 20:36 . 2007-05-15 20:37 6982865 ----a-w- c:\program files\cakewalkexp80.exe
    2007-04-18 23:40 . 2007-04-19 01:47 9269827 ------w- c:\program files\WUSB54Gv4_20051110.exe
    2004-08-04 07:02 . 2007-01-05 17:56 329728 ----a-w- c:\program files\netsetup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
    "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
    "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
    "AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-07-10 114688]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-20 335872]
    "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 77887]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-28 198160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 50176]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-5-3 25214]
    Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2007-4-22 36864]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
    Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2007-4-22 36864]
    TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-4-3 114688]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MIDI1"=vpnt.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "57511:TCP"= 57511:TCP:pandoRest Listening Port

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
    R3 DYEJPQ;DYEJPQ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DYEJPQ.exe [x]
    R3 FTTW;FTTW;c:\docume~1\ADMINI~1\LOCALS~1\Temp\FTTW.exe [x]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B.tmp [x]
    R3 NHKGJAUXIJ;NHKGJAUXIJ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\NHKGJAUXIJ.exe [x]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
    R3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;c:\windows\system32\drivers\srs_ViewSonic_i386.sys [2008-03-24 37504]
    R3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R3 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]
    S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe [2010-12-10 120248]
    S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-29 835208]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [2009-08-24 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-29 102448]
    S3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\DRIVERS\EvcapMau.sys [2003-08-06 177408]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101229.002\IDSxpx86.sys [2010-11-09 341944]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 18:34]

    2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 18:34]

    2010-12-31 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-16 23:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;*.local
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: travelers.com
    Trusted Zone: travelerspc.com
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4cwshz6o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage - www.nature-by-design.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Administrator\Application Data\Move Networks
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-Wdf01000.sys
    AddRemove-EarPower30 - c:\windows\EarPower30 Uninstall.exe
    AddRemove-MUSICMATCH Radio - c:\windows\MMRadioUninstall.exe
    AddRemove-WinFax - c:\program files\WinFax\WFXUNIST.ISU



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-31 15:14
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\B.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(620)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3576)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\ehome\ehSched.exe
    c:\windows\system32\imapi.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\locator.exe
    c:\windows\system32\Tablet.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
    c:\windows\ALCXMNTR.EXE
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-31 15:28:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-31 20:28

    Pre-Run: 373,944,233,984 bytes free
    Post-Run: 374,047,232,000 bytes free

    - - End Of File - - 63072B37DEE5E815AEF6A41A556D3EC0
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Prawnwoman,

    Did Norton kick in after CF re-booted the system?

    Please continue as follows:

    Step 1

    1. Close any open browsers.

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    
    File::
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\DYEJPQ.exe
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\FTTW.exe
    c:\docume~1\ADMINI~1\LOCALS~1\Temp\NHKGJAUXIJ.exe
    
    Driver::
    DYEJPQ
    FTTW
    NHKGJAUXIJ
    
    DDS::
    Trusted Zone: travelers.com
    Trusted Zone: travelerspc.com
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [image] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
    • Check [image]
    • Click the [image] button.
    • Accept any security warnings from your browser.
    • Check [image]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [image]
    • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [image] button.
    • Push [image]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    What I'd like in your reply:

    • Log from Combofix
    • Log from ESET
    • Log from Security Check
    • System review, issues/concerns?

    Kevin
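
    The three services named in the CFScript above were picked out of the ComboFix log by eye: each runs from the Administrator's Temp folder, is listed with [x] (the file could not be found on disk), and has a service name, display name and file name that are the same random-looking token. The same log also shows the standard-profile firewall switched off ("EnableFirewall"= 0). The Python script below is an added example, not part of this thread and not ComboFix's own code; it applies those same checks to a constructed excerpt modelled on the log's Drivers/Services and firewall-policy lines so the triage can be repeated on other logs. The reading of [x] as "file not found" and of the R/S prefix as running/stopped plus start type is my interpretation of ComboFix's output format, not something the thread states.

```python
"""Triage ComboFix-style 'Drivers/Services' lines for autostart entries worth a second look.

Added example, not part of the forum thread or of ComboFix itself. It encodes the
judgement a malware specialist applies by eye: a service whose image lives in a
user Temp folder, whose file ComboFix could not find on disk ([x], an assumed
reading of the marker), or whose service name, display name and file name are
one identical token.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt modelled on the ComboFix log format quoted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
R3 DYEJPQ;DYEJPQ;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DYEJPQ.exe [x]
R3 FTTW;FTTW;c:\docume~1\ADMINI~1\LOCALS~1\Temp\FTTW.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B.tmp [x]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
"""

# "<R|S><start type> <name>;<display name>;<image path> [<date> <size>]", or "[x]" when the file is absent.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$'
)


@dataclass
class Service:
    start: str      # assumed: R = running, S = stopped; digit = service start type
    name: str
    display: str
    path: str
    meta: str       # "YYYY-MM-DD size", or "x" when ComboFix could not find the file


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str]


def parse_service(line: str) -> Optional[Service]:
    """Return a Service for a Drivers/Services line, or None for any other line."""
    m = SERVICE_RE.match(line.strip())
    return Service(**m.groupdict()) if m else None


def assess(svc: Service) -> List[str]:
    """Heuristic reasons a service deserves a closer look; an empty list means nothing tripped."""
    reasons = []
    if svc.meta.strip().lower() == "x":
        reasons.append("file not found ([x])")
    if re.search(r'\\temp\\', svc.path, re.IGNORECASE):
        reasons.append("runs from a Temp directory")
    if svc.path.lower().endswith(".tmp"):
        reasons.append("image is a .tmp file")
    base = svc.path.replace("/", "\\").rsplit("\\", 1)[-1]   # file name part of the image path
    stem = base.rsplit(".", 1)[0]                             # file name without extension
    if svc.name.lower() == svc.display.lower() == stem.lower():
        reasons.append("service, display and file names are identical")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk a log and collect every service that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc is None:
            continue
        reasons = assess(svc)
        if reasons:
            findings.append(Finding(svc.name, svc.path, reasons))
    return findings


def firewall_disabled(log_text: str) -> bool:
    """True when the standard-profile firewall policy line reads EnableFirewall = 0."""
    return re.search(r'^"EnableFirewall"=\s*0\b', log_text, re.MULTILINE) is not None


if __name__ == "__main__":
    if firewall_disabled(SAMPLE_LOG):
        print("Windows Firewall (standard profile) is disabled")
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.path}\n    " + "\n    ".join(f.reasons))
```

    On the sample, the three Temp executables trip all three service heuristics and MEMSWEEP2 trips two ([x] and a .tmp image). That last hit is the caveat: the CFScript in the post above does not touch MEMSWEEP2, and the log shows a Sophos folder created a few days earlier, so a heuristic hit is a prompt for a human to check the entry, not a verdict that it is malware.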
     
  12. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    Logs are below. Norton kicked in BEFORE ComboFix rebooted the system (this in spite of the fact that I disabled it).

    The first time I ran ComboFix, it asked me if I wanted to update it. You didn't say anything about this, so I ran it once without updating (the first results). Norton did not kick in.

    The second time I updated ComboFix (the second results). Norton DID kick in that time, despite the fact that I disabled it.

    The untitled "Unable to load configuration" error I had after rebooting seems to be gone. Visual FoxPro 8.0 still will not load. I haven't tried Media Center to see if the "files are missing or corrupted" error persists. Thanks!


    Here is the log from the first time before I updated:

    ComboFix 10-12-31.01 - Administrator 01/01/2011 11:35:56.2.2 - x86
    Running from: c:\documents and settings\Administrator\Desktop\gotcha.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    * Created a new restore point

    FILE ::
    "c:\docume~1\ADMINI~1\LOCALS~1\Temp\DYEJPQ.exe"
    "c:\docume~1\ADMINI~1\LOCALS~1\Temp\FTTW.exe"
    "c:\docume~1\ADMINI~1\LOCALS~1\Temp\NHKGJAUXIJ.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\bszip.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DYEJPQ
    -------\Legacy_FTTW
    -------\Legacy_NHKGJAUXIJ
    -------\Service_DYEJPQ
    -------\Service_FTTW
    -------\Service_NHKGJAUXIJ


    ((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
    .

    2010-12-24 15:30 . 2010-12-24 15:30 -------- d-----w- c:\program files\Sophos
    2010-12-22 05:14 . 2010-12-22 05:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-12-22 05:14 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-22 05:14 . 2010-12-22 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-22 05:13 . 2010-12-22 05:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-22 05:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-22 01:15 . 2010-12-22 01:15 -------- dc----w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-21 18:39 . 2010-12-21 18:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\WinBatch
    2010-12-21 18:39 . 2010-12-21 18:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
    2010-12-21 16:23 . 2010-12-21 16:24 -------- d-----w- C:\fac3d73d054712714d362e
    2010-12-21 16:21 . 2010-12-21 16:23 -------- d-----w- C:\fb5585a6bf4c538749d45bd4
    2010-12-20 21:28 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-12-20 21:28 . 2008-04-14 10:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-12-20 21:28 . 2008-04-14 10:42 1306624 ------w- c:\windows\system32\msxml6.dll
    2010-12-20 21:28 . 2008-04-14 03:57 79872 ------w- c:\windows\system32\msxml6r.dll
    2010-12-20 21:26 . 2007-04-03 05:12 1327320 ------w- c:\program files\MSN\MSNCoreFiles\install\msnsusii.exe
    2010-12-20 21:26 . 2007-04-03 05:04 884712 ------w- c:\program files\MSN\MSNCoreFiles\install\msn9components\digcore.exe
    2010-12-20 21:26 . 2007-04-03 05:09 11053008 ------w- c:\program files\MSN\MSNCoreFiles\install\msn9components\msncli.exe
    2010-12-20 21:26 . 2008-04-14 10:40 966656 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obemetal.dll
    2010-12-20 21:26 . 2008-04-14 10:40 86016 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obepopc.dll
    2010-12-20 21:26 . 2008-04-14 10:40 229376 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obelog.dll
    2010-12-20 21:26 . 2007-04-03 05:14 77824 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obemtllc.dll
    2010-12-20 21:10 . 2008-04-14 03:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2010-12-20 21:10 . 2008-04-14 05:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2010-12-20 21:04 . 2006-12-29 05:31 19569 ----a-w- c:\windows\003781_.tmp
    2010-12-20 20:42 . 2010-12-20 22:59 -------- d-----w- C:\62b12420910b1e08f87ea2
    2010-12-20 20:16 . 2010-12-21 17:51 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-12-20 20:16 . 2010-12-21 17:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-12-20 20:16 . 2010-12-21 17:50 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-12-20 20:15 . 2010-10-16 18:55 9623680 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2010-12-20 20:15 . 2010-10-16 18:55 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-12-20 20:15 . 2010-10-16 18:55 6359552 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2010-12-20 20:15 . 2010-10-16 18:55 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-12-20 20:13 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-12-20 20:13 . 2010-10-16 18:55 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-12-20 20:13 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
    2010-12-20 20:13 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
    2010-12-20 20:13 . 2010-10-16 18:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-12-20 20:13 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-12-20 20:13 . 2010-10-16 18:55 2293194 ----a-w- c:\windows\system32\nvdata.bin
    2010-12-20 20:13 . 2010-10-16 18:55 4882432 ----a-w- c:\windows\system32\nvcuda.dll
    2010-12-20 20:13 . 2010-10-16 18:55 1462272 ----a-w- c:\windows\system32\nvapi.dll
    2010-12-20 20:13 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-12-20 17:54 . 2010-12-20 17:54 -------- d-----w- c:\program files\ACW
    2010-12-19 23:03 . 2003-07-30 12:00 9216 -c--a-w- c:\windows\system32\dllcache\winfax.dll
    2010-12-19 22:40 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2010-12-19 22:40 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2010-12-19 22:40 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2010-12-19 22:40 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
    2010-12-19 22:40 . 2008-04-14 03:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
    2010-12-19 22:40 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
    2010-12-19 22:40 . 2008-04-14 03:04 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
    2010-12-19 22:38 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
    2010-12-19 22:37 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2010-12-19 22:36 . 2008-04-14 05:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
    2010-12-19 22:35 . 2001-08-17 18:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2010-12-19 22:34 . 2001-08-18 03:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
    2010-12-19 22:33 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
    2010-12-19 22:33 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
    2010-12-19 22:33 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
    2010-12-19 22:33 . 2001-08-17 18:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
    2010-12-19 22:33 . 2001-08-17 18:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
    2010-12-19 22:33 . 2008-04-14 05:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
    2010-12-19 22:33 . 2001-08-17 17:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2010-12-19 22:33 . 2001-08-17 17:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2010-12-19 22:33 . 2001-08-17 17:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2010-12-19 22:31 . 2003-07-30 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2010-12-19 22:30 . 2008-04-14 05:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-12-19 22:29 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2010-12-19 22:28 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
    2010-12-19 22:27 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
    2010-12-19 22:26 . 2001-08-18 03:36 236060 -c--a-w- c:\windows\system32\dllcache\ditrace.exe
    2010-12-19 22:25 . 2001-08-17 17:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
    2010-12-19 22:24 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2010-12-19 22:23 . 2008-04-14 05:06 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
    2010-12-19 22:22 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2010-12-16 22:51 . 2010-12-16 22:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC
    2010-12-16 22:48 . 2010-12-16 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
    2010-12-16 22:48 . 2010-12-16 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
    2010-12-16 22:44 . 2009-06-10 21:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
    2010-12-16 22:44 . 2009-06-09 19:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2010-12-16 22:43 . 2010-12-16 22:43 -------- d-----w- c:\program files\Spirent Communications
    2010-12-16 22:43 . 2010-12-16 22:48 -------- d-----w- c:\program files\HTC
    2010-12-09 20:46 . 2010-12-19 03:14 -------- d-----w- c:\windows\system32\drivers\NAV\1205000.07D

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 21:36 . 2010-12-20 21:36 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchmsxml.dll
    2010-12-20 21:36 . 2010-12-20 21:36 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\gnu.dll
    2010-12-20 21:35 . 2010-12-20 21:35 122880 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\SearchCtrl.dll
    2010-12-20 21:35 . 2010-12-20 21:35 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\FDIWrapper.dll
    2010-12-20 21:35 . 2010-12-20 21:35 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\msxmlwrapper.dll
    2010-12-20 21:35 . 2010-12-20 21:35 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\WinVerifyTrust.dll
    2010-12-20 21:34 . 2010-12-20 21:34 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\util.dll
    2010-12-20 21:34 . 2010-12-20 21:34 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\hwinv.dll
    2010-12-20 21:34 . 2010-12-20 21:34 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchmsxml.dll
    2010-12-20 21:34 . 2010-12-20 21:34 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchapi.dll
    2010-12-20 21:34 . 2010-12-20 21:34 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\ZipLib.dll
    2010-12-20 21:34 . 2010-12-20 21:34 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\asst_ui.dll
    2010-12-20 21:34 . 2010-12-20 21:34 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\motivede.dll
    2010-12-20 21:34 . 2010-12-20 21:34 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\msxmlwrapper.dll
    2010-12-20 21:34 . 2010-12-20 21:34 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\GUI.dll
    2010-12-20 21:34 . 2010-12-20 21:34 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PluginCtrl.dll
    2010-12-20 21:34 . 2010-12-20 21:34 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchealthplugin.dll
    2010-12-20 21:34 . 2010-12-20 21:34 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\clientutil52.dll
    2010-12-20 21:34 . 2010-12-20 21:34 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\client_motkt.dll
    2010-12-20 21:34 . 2010-12-20 21:34 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHI18N.dll
    2010-12-20 21:34 . 2010-12-20 21:34 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchealthde.exe
    2010-12-20 21:33 . 2010-12-20 21:33 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchnotify.exe
    2010-12-20 21:33 . 2010-12-20 21:33 135168 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\ContentUpdater.exe
    2010-12-20 21:33 . 2010-12-20 21:33 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pcdapi.dll
    2010-12-20 21:33 . 2010-12-20 21:33 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\winverifytrustwrapper.dll
    2010-12-20 21:33 . 2010-12-20 21:33 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\api.dll
    2010-12-20 21:33 . 2010-12-20 21:33 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\INV16.dll
    2010-12-20 21:33 . 2010-12-20 21:33 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\jsharpinterp.dll
    2010-12-20 21:33 . 2010-12-20 21:33 155648 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHButton.exe
    2010-11-29 08:01 . 2010-11-29 04:06 94208 ----a-w- c:\windows\DUMPb1a4.tmp
    2010-11-29 07:17 . 2010-11-29 07:17 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-29 07:17 . 2010-11-29 07:17 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2008-06-12 20:43 . 2008-06-13 12:51 1481049 ----a-w- c:\program files\ACE Slideshow.exe
    2008-02-22 06:10 . 2008-02-22 06:10 606176 ----a-w- c:\program files\AmazonMP3Installer.exe
    2007-05-15 20:36 . 2007-05-15 20:37 6982865 ----a-w- c:\program files\cakewalkexp80.exe
    2007-04-18 23:40 . 2007-04-19 01:47 9269827 ------w- c:\program files\WUSB54Gv4_20051110.exe
    2004-08-04 07:02 . 2007-01-05 17:56 329728 ----a-w- c:\program files\netsetup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
    "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
    "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
    "AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-07-10 114688]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-20 335872]
    "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 77887]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-28 198160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 50176]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-5-3 25214]
    Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2007-4-22 36864]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
    Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2007-4-22 36864]
    TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-4-3 114688]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-6-18 53248]
    mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MIDI1"=vpnt.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "57511:TCP"= 57511:TCP:pandoRest Listening Port

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
    R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-29 835208]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B.tmp [x]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
    R3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;c:\windows\system32\drivers\srs_ViewSonic_i386.sys [2008-03-24 37504]
    R3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R3 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]
    S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe [2010-12-10 120248]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [2009-08-24 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-29 102448]
    S3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\DRIVERS\EvcapMau.sys [2003-08-06 177408]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101231.001\IDSxpx86.sys [2010-11-09 341944]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 18:34]

    2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 18:34]

    2011-01-01 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-16 23:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;*.local
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4cwshz6o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage - www.nature-by-design.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Administrator\Application Data\Move Networks
    FF - user.js: yahoo.homepage.dontask - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-01 12:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\B.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(600)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3864)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\ehome\ehSched.exe
    c:\windows\system32\imapi.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\locator.exe
    c:\windows\system32\Tablet.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\fxssvc.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\ALCXMNTR.EXE
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-01 12:42:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-01 17:42
    ComboFix2.txt 2010-12-31 20:28

    Pre-Run: 374,008,672,256 bytes free
    Post-Run: 373,999,808,512 bytes free

    - - End Of File - - C9AA879B775E7866F450EE467358AA04


    Here is the log from after I updated:

    ComboFix 11-01-01.01 - Administrator 01/01/2011 13:00:44.3.2 - x86
    Running from: c:\documents and settings\Administrator\Desktop\gotcha.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    * Created a new restore point

    FILE ::
    "c:\docume~1\ADMINI~1\LOCALS~1\Temp\DYEJPQ.exe"
    "c:\docume~1\ADMINI~1\LOCALS~1\Temp\FTTW.exe"
    "c:\docume~1\ADMINI~1\LOCALS~1\Temp\NHKGJAUXIJ.exe"
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-01 to 2011-01-01 )))))))))))))))))))))))))))))))
    .

    2010-12-24 15:30 . 2010-12-24 15:30 -------- d-----w- c:\program files\Sophos
    2010-12-22 05:14 . 2010-12-22 05:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-12-22 05:14 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-22 05:14 . 2010-12-22 05:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-22 05:13 . 2010-12-22 05:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-22 05:13 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-22 01:15 . 2010-12-22 01:15 -------- dc----w- c:\documents and settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-21 18:39 . 2010-12-21 18:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\WinBatch
    2010-12-21 18:39 . 2010-12-21 18:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
    2010-12-21 16:23 . 2010-12-21 16:24 -------- d-----w- C:\fac3d73d054712714d362e
    2010-12-21 16:21 . 2010-12-21 16:23 -------- d-----w- C:\fb5585a6bf4c538749d45bd4
    2010-12-20 21:28 . 2008-04-14 03:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-12-20 21:28 . 2008-04-14 10:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-12-20 21:28 . 2008-04-14 10:42 1306624 ------w- c:\windows\system32\msxml6.dll
    2010-12-20 21:28 . 2008-04-14 03:57 79872 ------w- c:\windows\system32\msxml6r.dll
    2010-12-20 21:26 . 2007-04-03 05:12 1327320 ------w- c:\program files\MSN\MSNCoreFiles\install\msnsusii.exe
    2010-12-20 21:26 . 2007-04-03 05:04 884712 ------w- c:\program files\MSN\MSNCoreFiles\install\msn9components\digcore.exe
    2010-12-20 21:26 . 2007-04-03 05:09 11053008 ------w- c:\program files\MSN\MSNCoreFiles\install\msn9components\msncli.exe
    2010-12-20 21:26 . 2008-04-14 10:40 966656 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obemetal.dll
    2010-12-20 21:26 . 2008-04-14 10:40 86016 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obepopc.dll
    2010-12-20 21:26 . 2008-04-14 10:40 229376 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obelog.dll
    2010-12-20 21:26 . 2007-04-03 05:14 77824 ------w- c:\program files\MSN\MSNCoreFiles\oobe\obemtllc.dll
    2010-12-20 21:10 . 2008-04-14 03:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2010-12-20 21:10 . 2008-04-14 05:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2010-12-20 21:04 . 2006-12-29 05:31 19569 ----a-w- c:\windows\003781_.tmp
    2010-12-20 20:42 . 2010-12-20 22:59 -------- d-----w- C:\62b12420910b1e08f87ea2
    2010-12-20 20:16 . 2010-12-21 17:51 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-12-20 20:16 . 2010-12-21 17:51 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-12-20 20:16 . 2010-12-21 17:50 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-12-20 20:15 . 2010-10-16 18:55 9623680 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2010-12-20 20:15 . 2010-10-16 18:55 9623680 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-12-20 20:15 . 2010-10-16 18:55 6359552 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2010-12-20 20:15 . 2010-10-16 18:55 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-12-20 20:13 . 2010-10-16 18:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-12-20 20:13 . 2010-10-16 18:55 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-12-20 20:13 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco32.dll
    2010-12-20 20:13 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco32.dll
    2010-12-20 20:13 . 2010-10-16 18:55 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-12-20 20:13 . 2010-10-16 18:55 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-12-20 20:13 . 2010-10-16 18:55 2293194 ----a-w- c:\windows\system32\nvdata.bin
    2010-12-20 20:13 . 2010-10-16 18:55 4882432 ----a-w- c:\windows\system32\nvcuda.dll
    2010-12-20 20:13 . 2010-10-16 18:55 1462272 ----a-w- c:\windows\system32\nvapi.dll
    2010-12-20 20:13 . 2010-10-16 18:55 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-12-20 17:54 . 2010-12-20 17:54 -------- d-----w- c:\program files\ACW
    2010-12-19 23:03 . 2003-07-30 12:00 9216 -c--a-w- c:\windows\system32\dllcache\winfax.dll
    2010-12-19 22:40 . 2001-08-17 18:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
    2010-12-19 22:40 . 2001-08-18 03:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
    2010-12-19 22:40 . 2001-08-18 03:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
    2010-12-19 22:40 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
    2010-12-19 22:40 . 2008-04-14 03:04 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
    2010-12-19 22:40 . 2001-08-17 17:10 35871 -c--a-w- c:\windows\system32\dllcache\wbfirdma.sys
    2010-12-19 22:40 . 2008-04-14 03:04 33599 -c--a-w- c:\windows\system32\dllcache\watv04nt.sys
    2010-12-19 22:38 . 2001-08-17 19:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
    2010-12-19 22:37 . 2001-08-17 18:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
    2010-12-19 22:36 . 2008-04-14 05:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
    2010-12-19 22:35 . 2001-08-17 18:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
    2010-12-19 22:34 . 2001-08-18 03:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
    2010-12-19 22:33 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
    2010-12-19 22:33 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
    2010-12-19 22:33 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
    2010-12-19 22:33 . 2001-08-17 18:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
    2010-12-19 22:33 . 2001-08-17 18:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
    2010-12-19 22:33 . 2008-04-14 05:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
    2010-12-19 22:33 . 2001-08-17 17:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
    2010-12-19 22:33 . 2001-08-17 17:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
    2010-12-19 22:33 . 2001-08-17 17:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2010-12-19 22:31 . 2003-07-30 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
    2010-12-19 22:30 . 2008-04-14 05:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
    2010-12-19 22:29 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2010-12-19 22:28 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
    2010-12-19 22:27 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
    2010-12-19 22:26 . 2001-08-18 03:36 236060 -c--a-w- c:\windows\system32\dllcache\ditrace.exe
    2010-12-19 22:25 . 2001-08-17 17:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
    2010-12-19 22:24 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2010-12-19 22:23 . 2008-04-14 05:06 14208 -c--a-w- c:\windows\system32\dllcache\battc.sys
    2010-12-19 22:22 . 2001-08-17 19:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2010-12-16 22:51 . 2010-12-16 22:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HTC
    2010-12-16 22:48 . 2010-12-16 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
    2010-12-16 22:48 . 2010-12-16 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
    2010-12-16 22:44 . 2009-06-10 21:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
    2010-12-16 22:44 . 2009-06-09 19:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2010-12-16 22:43 . 2010-12-16 22:43 -------- d-----w- c:\program files\Spirent Communications
    2010-12-16 22:43 . 2010-12-16 22:48 -------- d-----w- c:\program files\HTC
    2010-12-09 20:46 . 2010-12-19 03:14 -------- d-----w- c:\windows\system32\drivers\NAV\1205000.07D

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 21:36 . 2010-12-20 21:36 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchmsxml.dll
    2010-12-20 21:36 . 2010-12-20 21:36 36864 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\gnu.dll
    2010-12-20 21:35 . 2010-12-20 21:35 122880 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\SearchCtrl.dll
    2010-12-20 21:35 . 2010-12-20 21:35 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\FDIWrapper.dll
    2010-12-20 21:35 . 2010-12-20 21:35 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\msxmlwrapper.dll
    2010-12-20 21:35 . 2010-12-20 21:35 77824 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\WinVerifyTrust.dll
    2010-12-20 21:34 . 2010-12-20 21:34 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\util.dll
    2010-12-20 21:34 . 2010-12-20 21:34 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\hwinv.dll
    2010-12-20 21:34 . 2010-12-20 21:34 315392 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchmsxml.dll
    2010-12-20 21:34 . 2010-12-20 21:34 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchapi.dll
    2010-12-20 21:34 . 2010-12-20 21:34 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\ZipLib.dll
    2010-12-20 21:34 . 2010-12-20 21:34 114688 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\asst_ui.dll
    2010-12-20 21:34 . 2010-12-20 21:34 434176 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\motivede.dll
    2010-12-20 21:34 . 2010-12-20 21:34 69632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\msxmlwrapper.dll
    2010-12-20 21:34 . 2010-12-20 21:34 5632 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\GUI.dll
    2010-12-20 21:34 . 2010-12-20 21:34 98304 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PluginCtrl.dll
    2010-12-20 21:34 . 2010-12-20 21:34 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchealthplugin.dll
    2010-12-20 21:34 . 2010-12-20 21:34 282624 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\clientutil52.dll
    2010-12-20 21:34 . 2010-12-20 21:34 356352 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\client_motkt.dll
    2010-12-20 21:34 . 2010-12-20 21:34 49152 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHI18N.dll
    2010-12-20 21:34 . 2010-12-20 21:34 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pchealthde.exe
    2010-12-20 21:33 . 2010-12-20 21:33 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\pchnotify.exe
    2010-12-20 21:33 . 2010-12-20 21:33 135168 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\ContentUpdater.exe
    2010-12-20 21:33 . 2010-12-20 21:33 24576 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\pcdapi.dll
    2010-12-20 21:33 . 2010-12-20 21:33 4096 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\winverifytrustwrapper.dll
    2010-12-20 21:33 . 2010-12-20 21:33 344064 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\api.dll
    2010-12-20 21:33 . 2010-12-20 21:33 26572 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\INV16.dll
    2010-12-20 21:33 . 2010-12-20 21:33 212992 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\jsharpde\jsharpinterp.dll
    2010-12-20 21:33 . 2010-12-20 21:33 155648 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPENABF3EN\plugin\bin\PCHButton.exe
    2010-11-29 08:01 . 2010-11-29 04:06 94208 ----a-w- c:\windows\DUMPb1a4.tmp
    2010-11-29 07:17 . 2010-11-29 07:17 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-29 07:17 . 2010-11-29 07:17 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2008-06-12 20:43 . 2008-06-13 12:51 1481049 ----a-w- c:\program files\ACE Slideshow.exe
    2008-02-22 06:10 . 2008-02-22 06:10 606176 ----a-w- c:\program files\AmazonMP3Installer.exe
    2007-05-15 20:36 . 2007-05-15 20:37 6982865 ----a-w- c:\program files\cakewalkexp80.exe
    2007-04-18 23:40 . 2007-04-19 01:47 9269827 ------w- c:\program files\WUSB54Gv4_20051110.exe
    2004-08-04 07:02 . 2007-01-05 17:56 329728 ----a-w- c:\program files\netsetup.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
    "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
    "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
    "AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-07-10 114688]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-20 335872]
    "Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "QuickFinder Scheduler"="c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-03-07 77887]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-28 198160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 50176]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 54936]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-5-3 25214]
    Billminder.lnk - c:\program files\QUICKENW\BILLMIND.EXE [2007-4-22 36864]
    HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-6-13 233472]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
    Quicken Startup.lnk - c:\program files\QUICKENW\QWDLLS.EXE [2007-4-22 36864]
    TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-4-3 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MIDI1"=vpnt.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "57511:TCP"= 57511:TCP:pandoRest Listening Port

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B.tmp [x]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
    R3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;c:\windows\system32\drivers\srs_ViewSonic_i386.sys [2008-03-24 37504]
    R3 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R3 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS [2010-10-21 340016]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS [2010-11-18 652336]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [2010-11-04 691248]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS [2010-11-16 136312]
    S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe [2010-11-24 130000]
    S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe [2010-12-10 120248]
    S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-29 835208]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe [2009-08-24 126392]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-29 102448]
    S3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\DRIVERS\EvcapMau.sys [2003-08-06 177408]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101231.001\IDSxpx86.sys [2010-11-09 341944]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 18:34]

    2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 18:34]

    2011-01-01 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-16 23:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost;*.local
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4cwshz6o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - prefs.js: browser.search.selectedEngine - AIM Search
    FF - prefs.js: browser.startup.homepage - www.nature-by-design.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Administrator\Application Data\Move Networks
    FF - user.js: yahoo.homepage.dontask - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-01 13:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.4.131\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\B.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(608)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(4004)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\ehome\ehSched.exe
    c:\windows\system32\imapi.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\System32\locator.exe
    c:\windows\system32\Tablet.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\ALCXMNTR.EXE
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    c:\windows\system32\dwwin.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-01 14:09:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-01 19:09
    ComboFix2.txt 2011-01-01 17:42
    ComboFix3.txt 2010-12-31 20:28

    Pre-Run: 374,010,929,152 bytes free
    Post-Run: 373,854,519,296 bytes free

    - - End Of File - - F873D622B94A6AAE71D64CF4664B219A


    Here is the log from the ESET scanner:

    C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent.CBFNBEO trojan
    C:\Program Files\TestDisk\testdisk-6.6\win\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent.CBFNBEO trojan
    C:\Program Files\TestDisk\testdisk-6.6\win\Program Files\Common Files\Real\Toolbar\RealBar.dll probably a variant of Win32/Adware.Toolbar.Visicom.AB application
    C:\Program Files\TestDisk\testdisk-6.6\win\Program Files\Movielink\MovielinkManager\MovielinkCore.exe probably a variant of Win32/Genetik trojan
    C:\Program Files\TestDisk\testdisk-6.6\win\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan


    Here is the Security Check log:

    Results of screen317's Security Check version 0.99.8
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    MuseScore 0.9.6.3 MuseScore score typesetter
    Norton AntiVirus
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java Web Start
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Java 2 Runtime Environment, SE v1.4.1_02
    Out of date Java installed!
    Adobe Flash Player 9 (Out of date Flash Player installed!)
    Adobe Flash Player 10.1.102.64
    Adobe Reader for Pocket PC 2.0
    Adobe Reader 9.1.2
    Chinese Traditional Fonts Support For Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Thunderbird (3.1.7)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Is it possible that there was a scheduled scan set to run for Norton? Combofix does not have any influence whatsoever over Norton.

    Continue as follows :-

    Step 1

    Upload a File to Virustotal
    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the file C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe
    • Click the Open button
    • Click the Send button
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.
    • Repeat the above steps for the following files
    C:\Program Files\TestDisk\testdisk-6.6\win\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe
    C:\Program Files\TestDisk\testdisk-6.6\win\Program Files\Common Files\Real\Toolbar\RealBar.dll
    C:\Program Files\TestDisk\testdisk-6.6\win\Program Files\Movielink\MovielinkManager\MovielinkCore.exe
    C:\Program Files\TestDisk\testdisk-6.6\win\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe


    Post back with the results from VirusTotal


    What is Visual FoxPro 8.0? Can you re-install it and see if it helps?

    Kevin
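    A local-hashing step that goes with the VirusTotal procedure above, and with the ESET log earlier in this thread, where the same files appear both in their original location and inside a TestDisk recovery directory. This is an added example in Python, not code from the thread or from any tool it mentions: it computes the MD5/SHA1/SHA256 triple that VirusTotal prints under "Additional information" for each candidate file, groups files whose bytes are identical, and lists one path per group to upload, so a copy VirusTotal would answer "already analyzed" for can be skipped, and a hash can be searched on VirusTotal before a file is uploaded at all. The directory layout and file contents are constructed stand-ins for the paths in the post, and the function names (hash_file, group_by_content, upload_plan, build_sample_tree) are my own.

```python
"""Hash candidate files locally and group identical copies before uploading
them to VirusTotal. Added example, not from the thread; the sample files are
constructed in a temporary directory so the script runs offline."""
import hashlib
import os
import tempfile
from collections import defaultdict

CHUNK = 1 << 16  # read in 64 KiB blocks so a large binary is not held in RAM


def hash_file(path):
    """Return (md5, sha1, sha256) hex digests of one file: the three values
    VirusTotal shows for a submitted sample."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha1.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def group_by_content(paths):
    """Map sha256 -> list of paths. Files with identical bytes share one
    entry, so only one member of each group needs to be uploaded."""
    groups = defaultdict(list)
    for p in paths:
        groups[hash_file(p)[2]].append(p)
    return dict(groups)


def upload_plan(paths):
    """Return (to_upload, duplicates): the first path of every distinct
    digest, and (duplicate_path, path_it_matches) pairs for the rest."""
    to_upload, duplicates = [], []
    for members in group_by_content(paths).values():
        to_upload.append(members[0])
        duplicates.extend((dup, members[0]) for dup in members[1:])
    return to_upload, duplicates


def build_sample_tree():
    """Constructed stand-in for the files named in the thread: an original
    program directory and a TestDisk-style recovered copy of the same bytes.
    The contents are not real executables, just labelled byte strings."""
    root = tempfile.mkdtemp(prefix="vt-sample-")
    layout = {
        "Program Files/BackWeb/runner.exe": b"MZ\x90\x00constructed sample A",
        "Program Files/TestDisk/recovered/BackWeb/runner.exe": b"MZ\x90\x00constructed sample A",
        "Program Files/TestDisk/recovered/Real/RealBar.dll": b"MZ\x90\x00constructed sample B",
        "Program Files/empty.bin": b"",
    }
    paths = []
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
        paths.append(full)
    return paths


if __name__ == "__main__":
    sample = build_sample_tree()
    plan, dups = upload_plan(sample)
    for p in plan:
        md5, sha1, sha256 = hash_file(p)
        print(f"upload: {p}\n  MD5    {md5}\n  SHA1   {sha1}\n  SHA256 {sha256}")
    for dup, original in dups:
        print(f"skip (same bytes as {original}): {dup}")
```

    Run as-is it prints one hash triple per distinct file and flags the recovered copy as a duplicate of the original; point `upload_plan` at the real paths from the post to get the same report for them. The two BackWeb-137903.exe submissions later in this thread, which come back with an identical MD5, are exactly the case the duplicate check catches.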
     
  14. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    File name: runner.exe
    Submission date: 2011-01-03 02:08:24 (UTC)
    Current status: finished
    Result: 9/41 (22.0%)
    VT Community: not reviewed (Safety score: -)

    Antivirus | Version | Last Update | Result
    AhnLab-V3 | 2011.01.02.01 | 2011.01.02 | -
    AntiVir | 7.11.0.250 | 2011.01.02 | -
    Antiy-AVL | 2.0.3.7 | 2011.01.03 | AdWare/BackWeb.a.gen
    Avast | 4.8.1351.0 | 2011.01.02 | -
    Avast5 | 5.0.677.0 | 2011.01.02 | -
    AVG | 9.0.0.851 | 2011.01.03 | -
    BitDefender | 7.2 | 2011.01.03 | -
    CAT-QuickHeal | 11.00 | 2011.01.02 | Trojan.Agent.IRC
    ClamAV | 0.96.4.0 | 2011.01.03 | -
    Command | 5.2.11.5 | 2011.01.02 | -
    Comodo | 7276 | 2011.01.02 | -
    DrWeb | 5.0.2.03300 | 2011.01.03 | -
    eSafe | 7.0.17.0 | 2011.01.02 | -
    eTrust-Vet | 36.1.8074 | 2010.12.31 | -
    F-Prot | 4.6.2.117 | 2011.01.02 | -
    F-Secure | 9.0.16160.0 | 2011.01.03 | -
    Fortinet | 4.2.254.0 | 2011.01.02 | -
    GData | 21 | 2011.01.03 | -
    Ikarus | T3.1.1.90.0 | 2011.01.03 | -
    Jiangmin | 13.0.900 | 2011.01.02 | -
    K7AntiVirus | 9.75.3406 | 2010.12.31 | Riskware
    McAfee | 5.400.0.1158 | 2011.01.03 | Generic.dx
    McAfee-GW-Edition | 2010.1C | 2011.01.02 | Generic.dx
    Microsoft | 1.6402 | 2011.01.02 | -
    NOD32 | 5754 | 2011.01.02 | probably a variant of Win32/Agent.CBFNBEO
    Norman | 6.06.12 | 2011.01.02 | -
    nProtect | 2011-01-02.01 | 2011.01.02 | -
    Panda | 10.0.2.7 | 2011.01.02 | -
    PCTools | 7.0.3.5 | 2011.01.02 | Trojan.Generic.CS
    Prevx | 3.0 | 2011.01.03 | -
    Rising | 22.80.04.04 | 2010.12.31 | Trojan.Win32.Generic.524DF3F9
    Sophos | 4.60.0 | 2011.01.02 | Mal/Generic-L
    SUPERAntiSpyware | 4.40.0.1006 | 2011.01.03 | -
    Symantec | 20101.3.0.103 | 2011.01.03 | -
    TheHacker | 6.7.0.1.109 | 2011.01.03 | -
    TrendMicro | 9.120.0.1004 | 2011.01.02 | -
    TrendMicro-HouseCall | 9.120.0.1004 | 2011.01.03 | -
    VBA32 | 3.12.14.2 | 2010.12.30 | -
    VIPRE | 7930 | 2011.01.03 | -
    ViRobot | 2010.12.31.4232 | 2011.01.02 | -
    VirusBuster | 13.6.123.1 | 2011.01.02 | -

    MD5: 708fc5318f6ab059104ffd415f146781
    SHA1: 278038c76e058c4ad45fb53776b41c24fe7b45f5
    SHA256: a194a8aa08058ae18c425f1490b3ac90497dbbd54cbeb104f4f09f14bfb2f854


    File name: RealBar.dll
    Submission date: 2011-01-03 02:13:42 (UTC)
    Current status: finished
    Result: 19/42 (45.2%)
    VT Community: not reviewed (Safety score: -)

    Antivirus | Version | Last Update | Result
    AhnLab-V3 | 2011.01.02.01 | 2011.01.02 | -
    AntiVir | 7.11.0.250 | 2011.01.02 | -
    Antiy-AVL | 2.0.3.7 | 2011.01.03 | AdWare/Win32.MegaSearch.gen
    Avast | 4.8.1351.0 | 2011.01.02 | -
    Avast5 | 5.0.677.0 | 2011.01.02 | -
    AVG | 9.0.0.851 | 2011.01.03 | -
    BitDefender | 7.2 | 2011.01.03 | -
    CAT-QuickHeal | 11.00 | 2011.01.02 | AdWare.MegaSearch.s (Not a Virus)
    ClamAV | 0.96.4.0 | 2011.01.03 | -
    Command | 5.2.11.5 | 2011.01.02 | -
    Comodo | 7276 | 2011.01.02 | ApplicUnwnt.Win32.AdWare.MegaSearch.s
    DrWeb | 5.0.2.03300 | 2011.01.03 | Adware.MegaSearch
    Emsisoft | 5.1.0.1 | 2011.01.03 | Riskware.AdWare.Win32.PowerSearch!IK
    eSafe | 7.0.17.0 | 2011.01.02 | -
    eTrust-Vet | None | 2010.12.31 | -
    F-Prot | 4.6.2.117 | 2011.01.02 | -
    F-Secure | 9.0.16160.0 | 2011.01.03 | -
    Fortinet | 4.2.254.0 | 2011.01.02 | Adware/Megasearch
    GData | 21 | 2011.01.03 | -
    Ikarus | T3.1.1.90.0 | 2011.01.03 | not-a-virus:AdWare.Win32.PowerSearch
    Jiangmin | 13.0.900 | 2011.01.02 | -
    K7AntiVirus | 9.75.3406 | 2010.12.31 | Adware
    Kaspersky | 7.0.0.125 | 2011.01.03 | not-a-virus:AdWare.Win32.MegaSearch.s
    McAfee | 5.400.0.1158 | 2011.01.03 | Generic PUP.x
    McAfee-GW-Edition | 2010.1C | 2011.01.02 | Generic PUP.x
    Microsoft | 1.6402 | 2011.01.02 | -
    NOD32 | 5754 | 2011.01.02 | probably a variant of Win32/Adware.Toolbar.Visicom.AB
    Norman | 6.06.12 | 2011.01.02 | W32/Megasearch.T
    nProtect | 2011-01-02.01 | 2011.01.02 | Trojan-Clicker/W32.MegaSearch.784384
    Panda | 10.0.2.7 | 2011.01.02 | -
    PCTools | 7.0.3.5 | 2011.01.02 | Adware.MegaSearch!sd6
    Prevx | 3.0 | 2011.01.03 | Medium Risk Malware
    Rising | 22.80.04.04 | 2010.12.31 | -
    Sophos | 4.60.0 | 2011.01.02 | -
    SUPERAntiSpyware | 4.40.0.1006 | 2011.01.03 | -
    Symantec | 20101.3.0.103 | 2011.01.03 | -
    TheHacker | 6.7.0.1.109 | 2011.01.03 | Adware/MegaSearch.s
    TrendMicro | 9.120.0.1004 | 2011.01.02 | -
    TrendMicro-HouseCall | 9.120.0.1004 | 2011.01.03 | -
    VBA32 | 3.12.14.2 | 2010.12.30 | AdWare.Win32.MegaSearch.s
    VIPRE | 7930 | 2011.01.03 | -
    ViRobot | 2010.12.31.4232 | 2011.01.02 | Adware.MegaSearch.784384

    MD5: 613a87c0028097bfd2adc933f2cb6ac0
    SHA1: e67352147573ff2cc7da9b6b2878dbb0f48eb20e
    SHA256: 6119ea304083789c5946ac9f045613e0aceca10e167a7716ff7692a35a000b1e

    File name: MovielinkCore.exe
    Submission date: 2011-01-03 02:18:12 (UTC)
    Current status: finished
    Result: 1/43 (2.3%)
    VT Community: not reviewed (Safety score: -)

    Antivirus | Version | Last Update | Result
    AhnLab-V3 | 2011.01.02.01 | 2011.01.02 | -
    AntiVir | 7.11.0.250 | 2011.01.02 | -
    Antiy-AVL | 2.0.3.7 | 2011.01.03 | -
    Avast | 4.8.1351.0 | 2011.01.02 | -
    Avast5 | 5.0.677.0 | 2011.01.02 | -
    AVG | 9.0.0.851 | 2011.01.03 | -
    BitDefender | 7.2 | 2011.01.03 | -
    CAT-QuickHeal | 11.00 | 2011.01.02 | -
    ClamAV | 0.96.4.0 | 2011.01.03 | -
    Command | 5.2.11.5 | 2011.01.02 | -
    Comodo | 7276 | 2011.01.02 | -
    DrWeb | 5.0.2.03300 | 2011.01.03 | -
    Emsisoft | 5.1.0.1 | 2011.01.03 | -
    eSafe | 7.0.17.0 | 2011.01.02 | -
    eTrust-Vet | None | 2010.12.31 | -
    F-Prot | 4.6.2.117 | 2011.01.02 | -
    F-Secure | 9.0.16160.0 | 2011.01.03 | -
    Fortinet | 4.2.254.0 | 2011.01.02 | -
    GData | 21 | 2011.01.03 | -
    Ikarus | T3.1.1.90.0 | 2011.01.03 | -
    Jiangmin | 13.0.900 | 2011.01.02 | -
    K7AntiVirus | 9.75.3406 | 2010.12.31 | -
    Kaspersky | 7.0.0.125 | 2011.01.03 | -
    McAfee | 5.400.0.1158 | 2011.01.03 | -
    McAfee-GW-Edition | 2010.1C | 2011.01.02 | -
    Microsoft | 1.6402 | 2011.01.02 | -
    NOD32 | 5754 | 2011.01.02 | probably a variant of Win32/Genetik
    Norman | 6.06.12 | 2011.01.02 | -
    nProtect | 2011-01-02.01 | 2011.01.02 | -
    Panda | 10.0.2.7 | 2011.01.02 | -
    PCTools | 7.0.3.5 | 2011.01.02 | -
    Prevx | 3.0 | 2011.01.03 | -
    Rising | 22.80.04.04 | 2010.12.31 | -
    Sophos | 4.60.0 | 2011.01.02 | -
    SUPERAntiSpyware | 4.40.0.1006 | 2011.01.03 | -
    Symantec | 20101.3.0.103 | 2011.01.03 | -
    TheHacker | 6.7.0.1.109 | 2011.01.03 | -
    TrendMicro | 9.120.0.1004 | 2011.01.02 | -
    TrendMicro-HouseCall | 9.120.0.1004 | 2011.01.03 | -
    VBA32 | 3.12.14.2 | 2010.12.30 | -
    VIPRE | 7930 | 2011.01.03 | -
    ViRobot | 2010.12.31.4232 | 2011.01.02 | -
    VirusBuster | 13.6.123.1 | 2011.01.02 | -

    MD5: 2a41002b7035d1b83849eeea2ac8f004
    SHA1: d4a0feae95d4dc330b587be7dce92296366dce3e
    SHA256: 514359081b9dc5397b5de93db95c7cfa7966ff03180aa5daf9a8271cad93f545

    File name: BackWeb-137903.exe
    Submission date: 2011-01-03 02:19:54 (UTC)
    Current status: finished
    Result: 10/43 (23.3%)
    VT Community: not reviewed (Safety score: -)

    Antivirus | Version | Last Update | Result
    AhnLab-V3 | 2011.01.02.01 | 2011.01.02 | -
    AntiVir | 7.11.0.250 | 2011.01.02 | -
    Antiy-AVL | 2.0.3.7 | 2011.01.03 | AdWare/BackWeb.a.gen
    Avast | 4.8.1351.0 | 2011.01.02 | -
    Avast5 | 5.0.677.0 | 2011.01.02 | -
    AVG | 9.0.0.851 | 2011.01.03 | -
    BitDefender | 7.2 | 2011.01.03 | -
    CAT-QuickHeal | 11.00 | 2011.01.02 | Trojan.Agent.IRC
    ClamAV | 0.96.4.0 | 2011.01.03 | -
    Command | 5.2.11.5 | 2011.01.02 | -
    Comodo | 7276 | 2011.01.02 | -
    DrWeb | 5.0.2.03300 | 2011.01.03 | -
    Emsisoft | 5.1.0.1 | 2011.01.03 | Trojan.Win32.Agent.CBFNBEO!A2
    eSafe | 7.0.17.0 | 2011.01.02 | -
    eTrust-Vet | 36.1.8074 | 2010.12.31 | -
    F-Prot | 4.6.2.117 | 2011.01.02 | -
    F-Secure | 9.0.16160.0 | 2011.01.03 | -
    Fortinet | 4.2.254.0 | 2011.01.02 | -
    GData | 21 | 2011.01.03 | -
    Ikarus | T3.1.1.90.0 | 2011.01.03 | -
    Jiangmin | 13.0.900 | 2011.01.02 | -
    K7AntiVirus | 9.75.3406 | 2010.12.31 | Riskware
    Kaspersky | 7.0.0.125 | 2011.01.03 | -
    McAfee | 5.400.0.1158 | 2011.01.03 | Generic.dx
    McAfee-GW-Edition | 2010.1C | 2011.01.02 | Generic.dx
    Microsoft | 1.6402 | 2011.01.02 | -
    NOD32 | 5754 | 2011.01.02 | probably a variant of Win32/Agent.CBFNBEO
    Norman | 6.06.12 | 2011.01.02 | -
    nProtect | 2011-01-02.01 | 2011.01.02 | -
    Panda | 10.0.2.7 | 2011.01.02 | -
    PCTools | 7.0.3.5 | 2011.01.02 | Trojan.Generic.CS
    Prevx | 3.0 | 2011.01.03 | -
    Rising | 22.80.04.04 | 2010.12.31 | Trojan.Win32.Generic.524DF3F9
    Sophos | 4.60.0 | 2011.01.02 | Mal/Generic-L
    SUPERAntiSpyware | 4.40.0.1006 | 2011.01.03 | -
    Symantec | 20101.3.0.103 | 2011.01.03 | -
    TheHacker | 6.7.0.1.109 | 2011.01.03 | -
    TrendMicro | 9.120.0.1004 | 2011.01.02 | -
    TrendMicro-HouseCall | 9.120.0.1004 | 2011.01.03 | -
    VBA32 | 3.12.14.2 | 2010.12.30 | -
    VIPRE | 7931 | 2011.01.03 | -
    ViRobot | 2010.12.31.4232 | 2011.01.02 | -
    VirusBuster | 13.6.123.1 | 2011.01.02 | -

    MD5: 708fc5318f6ab059104ffd415f146781
    SHA1: 278038c76e058c4ad45fb53776b41c24fe7b45f5
    SHA256: a194a8aa08058ae18c425f1490b3ac90497dbbd54cbeb104f4f09f14bfb2f854

    File name: BackWeb-137903.exe
    Submission date: 2011-01-03 02:23:03 (UTC)
    Current status: finished
    Result: 9/42 (21.4%)
    VT Community: not reviewed (Safety score: -)

    Antivirus | Version | Last Update | Result
    AhnLab-V3 | 2011.01.02.01 | 2011.01.02 | -
    AntiVir | 7.11.0.250 | 2011.01.02 | -
    Antiy-AVL | 2.0.3.7 | 2011.01.03 | AdWare/BackWeb.a.gen
    Avast | 4.8.1351.0 | 2011.01.02 | -
    Avast5 | 5.0.677.0 | 2011.01.02 | -
    AVG | 9.0.0.851 | 2011.01.03 | -
    BitDefender | 7.2 | 2011.01.03 | -
    CAT-QuickHeal | 11.00 | 2011.01.02 | Trojan.Agent.IRC
    ClamAV | 0.96.4.0 | 2011.01.03 | -
    Command | 5.2.11.5 | 2011.01.02 | -
    Comodo | 7276 | 2011.01.02 | -
    DrWeb | 5.0.2.03300 | 2011.01.03 | -
    eSafe | 7.0.17.0 | 2011.01.02 | -
    eTrust-Vet | 36.1.8074 | 2010.12.31 | -
    F-Prot | 4.6.2.117 | 2011.01.02 | -
    F-Secure | 9.0.16160.0 | 2011.01.03 | -
    Fortinet | 4.2.254.0 | 2011.01.02 | -
    GData | 21 | 2011.01.03 | -
    Ikarus | T3.1.1.90.0 | 2011.01.03 | -
    Jiangmin | 13.0.900 | 2011.01.02 | -
    K7AntiVirus | 9.75.3406 | 2010.12.31 | Riskware
    Kaspersky | 7.0.0.125 | 2011.01.03 | -
    McAfee | 5.400.0.1158 | 2011.01.03 | Generic.dx
    McAfee-GW-Edition | 2010.1C | 2011.01.02 | Generic.dx
    Microsoft | 1.6402 | 2011.01.02 | -
    NOD32 | 5754 | 2011.01.02 | probably a variant of Win32/Agent.CBFNBEO
    Norman | 6.06.12 | 2011.01.02 | -
    nProtect | 2011-01-02.01 | 2011.01.02 | -
    Panda | 10.0.2.7 | 2011.01.02 | -
    PCTools | 7.0.3.5 | 2011.01.02 | Trojan.Generic.CS
    Prevx | 3.0 | 2011.01.03 | -
    Rising | 22.80.04.04 | 2010.12.31 | Trojan.Win32.Generic.524DF3F9
    Sophos | 4.60.0 | 2011.01.02 | Mal/Generic-L
    SUPERAntiSpyware | 4.40.0.1006 | 2011.01.03 | -
    Symantec | 20101.3.0.103 | 2011.01.03 | -
    TheHacker | 6.7.0.1.109 | 2011.01.03 | -
    TrendMicro | 9.120.0.1004 | 2011.01.02 | -
    TrendMicro-HouseCall | 9.120.0.1004 | 2011.01.03 | -
    VBA32 | 3.12.14.2 | 2010.12.30 | -
    VIPRE | 7931 | 2011.01.03 | -
    ViRobot | 2010.12.31.4232 | 2011.01.02 | -
    VirusBuster | 13.6.123.1 | 2011.01.02 | -

    MD5: 708fc5318f6ab059104ffd415f146781
    SHA1: 278038c76e058c4ad45fb53776b41c24fe7b45f5
    SHA256: a194a8aa08058ae18c425f1490b3ac90497dbbd54cbeb104f4f09f14bfb2f854
     
  15. Prawnwoman

    Prawnwoman Thread Starter

    Joined:
    Dec 21, 2010
    Messages:
    21
    Hope I pasted the VirusTotal results correctly. I seem to have pasted in superfluous stuff! I will rerun if needed.

    The Norton scans were not scheduled.

    Visual FoxPro 8.0 is a database engine and XBase language compiler. I did try reinstalling it, but it didn't fix the problem.
     
Short URL to this thread: https://techguy.org/969928
